Store your AWS Keys on a Keyring

Necessity is the mother of invention and even with all the tools provided by our partners, Vibrato’s engineers still find that there are times when there’s a gap in a service and they have to do some development. Automation Engineer and Vibrato's resident HashiCorp expert, Tristan Morgan had an AWS key issue that he set out to solve by creating his own tool.

I was confronted with a situation that needed a way to store AWS access keys securely and access them with command line tools. I searched around and saw different solutions including shell scripts and just flat files but I thought "Wouldn't it be better to store them encrypted in the macOS Keychain?" and digging around found an existing tool that did that. The problem was it didn't do quite all the things I needed it to. I submitted Pull requests to add some of the features but eventually the original author moved on or lost interest and my additions were no longer being accepted in a reasonable timeframe.

To fill this gap, I started working on my own tool to do all the things I wanted. With a clear use case and motivation I created the Awskeyring. It is intended to help you work with command line tools like the aws-cli in those stages of development where a central service like HashiCorp Vault isn't available. I wanted it to be more maintainable than a monster script, so I've tried to structure it and setup automated tests to make sure it stays working.

It stores your AWS access keys and provides an easy interface to access them, it even provides shell-completion, so if you can't remember if it was 'test' or 'testing', you can just hit tab to have it complete for you. You can assume roles across accounts and use multi-factor-authentication. Opening the AWS Console is a single shell command and you also have the choice of executing an external command with the needed credentials or exporting environment variables to run several commands.

Using it personally, it is shaping up pretty well and by making it available to the public through an open source license means that if you have a use for it, you can use it too. Soon I will add a feature to rotate access keys in a simple manner. Check it out and leave any feature requests on our Github Repository.

Vibrato prides ourselves on our community involvement and our commitment to new, interesting technology innovations. For the opportunity to be a part of this, either as a Vibratii, partner or client, register your interest below.